<?php
session_start();
$_SESSION['hallpass'] = true;
$_SESSION['auth'] = 1;
$_SESSION['login'] = 1;

require_once "authentication.php";
require_once ".\DBConnection.php";


//$auth = new Authentication();
//$auth->authenticate();
is_spoofing("search");

if((isset($_SESSION['spoof_status']))&&($_SESSION['spoof_status'] != -1))
{
	$connection = new Connection(); //connect to the DB
	
	$parameters_counter = 0;
	$string_array = array();
	
	
	
	/***********search with education*/
	if(isset($_POST['education']))
	{
		$edu = mysql_real_escape_string($_POST['education']);
		
		echo "education";
		echo "<br>";
		echo $edu;
		echo "<br>";
		
		
	$edu_list = $_POST['edu_box'];
	
	    $N = count($edu_list);
	    echo("You selected $N education(s): ");
	     echo "<br>";
	     $education_txt='(institute=' . "'" . $edu_list[0] . "'";
	    for($i=1; $i < $N; $i++)
	    {
	    	$education_txt=$education_txt . " OR " . 'institute=' . "'" . $edu_list[$i] . "'";
	      	echo "<br>";
	    }
	    $education_txt=$education_txt . ")";
	    echo $education_txt;
	    $string_array[$parameters_counter] = $education_txt;
	    $parameters_counter++;
	}
	/***********search with field*/
	if(isset($_POST['field']))
	{
		$field = mysql_real_escape_string($_POST['field']);
		echo "field";
		echo "<br>";
		echo $field;
		echo "<br>";
		
		$field_list = mysql_real_escape_string($_POST['edu_box']);
	
	    $N = count($field_list);
	    echo("You selected $N field(s): ");
	     echo "<br>";
	     $field_text='edufield_id=' . $field_list[0];
	    for($i=1; $i < $N; $i++)
	    {
	      	if($i=$N-1)
	      		$field_text=$field_text . " OR " . 'institute=' . $field_list[$i] . ")";
	    	else
	      		$field_text=$field_text . " OR " . 'institute=' . $field_list[$i];
	      	echo "<br>";
	    }
	    echo $field_text;
	    
	    $string_array[$parameters_counter] = $field_text;
	    $parameters_counter++;
	}
	/***********search with location*/
	if(isset($_POST['locationcheck']))
	{
		$location = mysql_real_escape_string($_POST['locationcheck']);
		echo "location";
		echo "<br>";
		echo $location;
		echo "<br>";
		
		
		$location_list = mysql_real_escape_string($_POST['location_box']);
	
	    $N = count($location_list);
	    echo("You selected $N location(s): ");
	     echo "<br>";
	     $location_txt='(location=' . "'" .  $location_list[0] . "'";
	    for($i=1; $i < $N; $i++)
	    {
	      	$location_txt=$location_txt . " OR " . 'location=' . "'" . $location_list[$i] . "'";
	      	echo "<br>";
	    }
	    $location_txt=$location_txt . ")";
	    echo $location_txt;
	    
	    $string_array[$parameters_counter] = $location_txt;
	    $parameters_counter++;
	}
	/***********search with average*/
	if(isset($_POST['averagecheck']))
	{
		$average = mysql_real_escape_string($_POST['averagecheck']);
		echo "average";
		echo "<br>";
		echo $average;
		echo "<br>";
		
			$average = mysql_real_escape_string($_POST['average']);
			
			$average_txt = ' gpa>=' . $average;
	
	    echo $average_txt;
	    
	    $string_array[$parameters_counter] = $average_txt;
	    $parameters_counter++;
	}
	
	/***********search with exprience*/
	if(isset($_POST['expcheck']))
	{
		$exprience = $_POST['expcheck'];
		echo "exprience";
		echo "<br>";
		echo $exprience;
		echo "<br>";
	}
	echo "<br>";
	$query = "SELECT *
		FROM workertrack.worker, workertrack.worker_education, workertrack.education
			WHERE ";
	
	$query = "SELECT * ";
	
	if((isset($_POST['education']))||(isset($_POST['field']))||(isset($_POST['averagecheck'])))
	{
		$query = $query . "FROM workertrack.worker_education as wedu ";
		$query = $query . "INNER JOIN workertrack.worker as w ON  w.w_email=wedu.w_email WHERE ";
		$query = $query . $string_array[0];
		for($i=1;$i<$parameters_counter;$i++)
		{
			$query = $query . " AND " .  $string_array[$i];
		}
	}
	else {
		$query = $query . "FROM workertrack.worker WHERE ";
		$query = $query . $string_array[0];
		for($i=1;$i<$parameters_counter;$i++)
		{
			$query = $query . " AND " .  $string_array[$i];
		}
	}
	/*
	$query_example="SELECT *
	FROM workertrack.worker_education wedu
	INNER JOIN workertrack.worker as w
	ON  w.w_email=wedu.w_email
	WHERE institute='Ort Braude' AND gpa>=79";
	$query = $query . $string_array[0];
	for($i=1;$i<$parameters_counter;$i++)
	{
		$query = $query . " AND " .  $string_array[$i];
	}
	*/
	echo $query;
	
	//$result = $connection->execute_query($query);	//result gets the info from the DB
	
	
	/*
	if(isset($_GET['disp']))	
		$discp_name = mysql_real_escape_string($_GET['disp']);
	//$education = mysql_real_escape_string($_GET['edu']);
	if(isset($_GET['gpa_check']))
		$gpa_check = mysql_real_escape_string($_GET['gpa_check']);
	if(isset($_GET['gpa']))
		$gpa = mysql_real_escape_string($_GET['gpa']);
	*/
	/*
	$discp_name = "computers";
	$education = 1;
	$gpa_check = 1;
	$gpa = strval(80);*/
	//echo $_POST['educationcbox'];
	
	/*
	if(isset($_GET['education']))//with education search
	{
		$education = $_GET['education'];
		$query = "SELECT *
		FROM workertrack.worker, workertrack.worker_education, workertrack.education-inst
			WHERE discipline_name ='$discp_name' AND ";
		//edc_id=3
	}
	else		//without education search
	{
		$query = "SELECT *
	        FROM workertrack.worker, workertrack.worker-education
	        WHERE discipline_name = '$discp_name'";
	}
	
	*/
	//if($education==1)
	//	$query = $query + "gpa>=" + $gpa;
	/*
	if(isset($gpa_check)&&$gpa_check)		//add GPA search
		$query = $query . " AND "  . "gpa>=" . $gpa;
	if(isset($_POST['education']))			//add institution search
	{
		for($i=0; $i<sizeof($checkBox); $i++){
			$query =$query . "edc_id='$education[$i]'";
			if((!$i+1==sizeof($checkBox)))
			{
				$query =$query . "OR";
			}
		}
	}
		*/
		/*SELECT *
	FROM workertrack.worker, workertrack.worker_education
	WHERE discipline_name ='computers' ;*/
	
	
	
	
		
		
	
	
	
	//$row = mysql_fetch_array($result);
	
	
	$_SESSION['search_query'] = $query;
	header('Location: ../HTML/results.php');
	
	if(mysql_num_rows($result)<1) //there were no results for the search query
	{
		echo "there are no results for your search";
		//header('Location: index.php');
		//echo "name is available";
	    //die();
	}
	else
	{
		echo "results";	
		echo "<br>";
		while ($row = mysql_fetch_array($result)) 
		{ 
			echo $row['w_email'];
			echo "<br>";
			echo $row['firstname'];
			echo "<br>";
		}
		
	
	}
	
	//header('Location: login_form.php');	
	
	//echo "name is not available";
	
	
	
	
	
	$connection->close_connection();

}
$_SESSION['hallpass'] = false;
?>